Source: http://twizt.net/spl.exe |
Avira URL Cloud: detection malicious, Label: malware |
Source: http://twizt.net/lslut.exe.X |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exe6e |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/InstalledH |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exe& |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exewinsvc.exe |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exevd |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exe.e |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/InstalledFd |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exek |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/InstalledopenMozilla/5.0 |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/spl.exei? |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exe0t~ |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/Installed1 |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exesc |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exewinsvc.exeb |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/spl.exek? |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exewinsvc.exe# |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exew |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exex |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exeeW |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exeNe |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/spl.exers |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exeF |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exepW |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/Installed |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exewinsvc.exe3 |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/spl.exentel64 |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exe |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exe%s:Zone.Identifier%userprofile%%s |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exeSW |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exeO |
Avira URL Cloud: Label: malware |
Source: http://twizt.net/lslut.exeot |
Avira URL Cloud: Label: malware |
Source: C:\Users\user\Desktop\download\spl.exe |
ReversingLabs: Detection: 55% |
Source: C:\Users\user\winsvc.exe |
ReversingLabs: Detection: 55% |
Source: C:\Users\user\Desktop\download\spl.exe |
Joe Sandbox ML: detected |
Source: C:\Users\user\winsvc.exe |
Joe Sandbox ML: detected |
Source: C:\Users\user\Desktop\download\spl.exe |
File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll |
Source: Traffic |
Snort IDS: 2019714 ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile 192.168.2.5:49705 -> 185.215.113.66:80 |
Source: Traffic |
Snort IDS: 2853272 ETPRO TROJAN Win32/Phorpiex Bot Executable Payload Inbound 185.215.113.66:80 -> 192.168.2.5:49705 |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 28 Mar 2024 17:00:03 GMTContent-Type: application/octet-streamContent-Length: 11776Last-Modified: Thu, 28 Mar 2024 01:08:34 GMTConnection: keep-aliveETag: "6604c312-2e00"Accept-Ranges: bytes |